Beefy Boxes and Bandwidth Generously Provided by pair Networks Cowboy Neal with Hat
Just another Perl shrine
 
PerlMonks  

mod_perl and writing to 755 folders

by ultranerds (Pilgrim)
on Jun 14, 2013 at 09:23 UTC ( #1038928=perlquestion: print w/ replies, xml ) Need Help??
ultranerds has asked for the wisdom of the Perl Monks concerning the following question:

Hi,

Recently I setup mod_perl on my site, and since then I keep getting annoying error like:

Could not open /home/user/public_html/links/images/0/520950-1371201515-1.jpg because Permission denied at /home/user/public_html/cgi-bin/links/admin/Plugins/AJAXImageUpload.pm line 145.

The folders are set at 755. This worked fine without mod_perl... but as soon as I enabled it, I get these errors on any folders that need writing to. The only work around is to CHMOD them to 777... which is far from ideal!

Is there anything I can do?

TIA

Andy

Comment on mod_perl and writing to 755 folders
Re: mod_perl and writing to 755 folders
by Anonymous Monk on Jun 14, 2013 at 09:32 UTC

    Is there anything I can do?

    Yeah, give permission to apache user/group

      Hi,

      Thanks for the reply :)

      How do I do that? Here is what I have in the conf:

      ServerName site.org ServerAlias www.site.org DocumentRoot /home/user/public_html ServerAdmin webmaster@site.org UseCanonicalName Off CustomLog /usr/local/apache/domlogs/site.org combined CustomLog /usr/local/apache/domlogs/site.org-bytes_log "%{%s}t %I +.\n%{%s}t %O ." ErrorLog /home/user/error_log ## User user # Needed for Cpanel::ApacheConf UserDir enabled user <IfModule mod_suphp.c> suPHP_UserGroup user user </IfModule> <IfModule !mod_disable_suexec.c> <IfModule !mod_ruid2.c> SuexecUserGroup user user </IfModule> </IfModule> <IfModule mod_ruid2.c> RUidGid user user </IfModule> ScriptAlias /cgi-bin/ /home/user/public_html/cgi-bin/ PerlRequire /home/user/startup.pl <Directory /home/user/public_html/cgi-bin/links> SetHandler perl-script PerlResponseHandler ModPerl::Registry PerlOptions +ParseHeaders Options +ExecCGI </Directory> # To customize this VirtualHost use an include file at the followi +ng location # Include "/usr/local/apache/conf/userdata/std/2/user/site.org/*.c +onf" </VirtualHost>


      Would I just add this into my <directory> part?

      SuexecUserGroup user user

      TIA

      Andy

        How do I do that?

        Some form of chmod or chgrp I imagine, but it's been a very long time since I've dealth with this

Re: mod_perl and writing to 755 folders
by MidLifeXis (Prior) on Jun 14, 2013 at 12:36 UTC

    Be very careful about validating that the server here is not public facing, or that the uploader is very well protected, or it could end up being a drop box for many items that are less than desirable.

    It appears to be that the image uploader is dropping an image directly into the public_html directory for the user. If this public_html directory is available to the web, and the script that is allowing the upload is not protected well, it would be quite easy to use the user's image area for a dropbox for certain types of images, warez, and other content typically not acceptable to service providers (and perhaps the user).

    Update: I also would (typically) not allow a mod_perl component to run in a user's context, unless the user is the sole process owner on that instance of Apache. mod_perl runs in the context of the server, and, if I remember correctly (I am certain that I will be corrected if I don't), is not able to be run as the user, the way that fCGI, CGI, PHP, and other script types can be. By loading a module under mod_perl from the user's directory, you are giving the user access to your entire Apache instance. The user is able to modify the module, and on the next server restart, will have the new code executing, or perhaps crashing the server.

    --MidLifeXis

      The images get removed after 30 mins, if they didn't go through with the process (even a slow person can submit the short form in less than 5 mins, so 30 mins if more than enough). We also cap them to just images (not exe, zip, pdf's etc etc).

      Unfortunately it needs to be viewable from the browser (as we show a preview image once its uploaded

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://1038928]
Approved by hdb
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (9)
As of 2014-04-17 06:46 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    April first is:







    Results (440 votes), past polls